MRV and Robotic Systems Briefing



Introduction 




MRV: Vehicle Specs 


Design speed: 64 kph (40 mph)

- Currently computer limited to 25 kph

Curb weight: 900 kg (2000 lb) 



Battery Pack 


HMI Steering System 
HMI Pedal System 


Footprint: 2.15 x 1.55 (7' x 5')

By-wire without mechanical backup


Body Shell


Charging Port
Central Computer 
Power Electronics 


HMI Joystick 
HMI Display 


Coolant Reservoir 
Radiator 
Coolant Pump 


E-Corner 


Pedal-by-Wire Design 


Rotation sensor (Prod Part) 




Level 


Linear Sensor 

Spring 

Pedal with force sensor


Wheel Modules




MRV FMEA 


DFMEA Driven - MRV Scenarios

| Failure Type (FT) | Description |
|---|---|
| 1. Power Bus (HV, 12V) | All systems go off-line, emergency braking & steering system? Driver's input ignored |
| 2. Hardware Failure | Motor failure, mechanical or mechanism failure |
| 3. Network Failure | Network or a portion of network has failed (node, wiring, connector) |
| 4. Code Failure | Program code and/or algorithm has failed or frozen |
| 5. Operator | Vehicle driver is unfamiliar and/or confused in vehicle's operation |

FUNCTION CRITICALITY (FC) 

1. Loss of life or Loss of vehicle control 

2. Unable to complete trip or journey, requires immediate attention: stop - repair 

3. Unable to complete trip or journey, does not require immediate attention: reduced performance 

4. Loss of component or system has no critical effect 


Supervisory Control Architecture * 


Criticality Definitions from SSP 30234 (Rev F) 

Category Definition

1 Single failure point that could result in loss of Space Station, Orbiter, or loss of flight or ground personnel.

1R Redundant items, all of which if failed, could result in loss of Space Station or loss of flight or ground personnel. When assigning criticality to an item whose failure results in the use of an emergency system, each safety system functional string shall be considered as redundancy that provides additional protection from a particular failure mode, e.g., a pressure tank is 1R for rupture when a relief valve exists.

1S A single failure point of the system component designed to provide safety or protection capability against a potentially hazardous condition or event or a single failure point in a safety or hazard monitoring system that causes the system to fail to detect, or operate when needed during the existence of a hazardous condition that could lead to loss of flight or ground personnel or Station (e.g., fire suppression, medical hardware).

1P A single failure point that is protected by a safety device, whereby the functioning of the safety device, would prevent the hazardous consequences of the failed (protected) component. This criticality category is no longer used as of Revision F of this document, but existing analyses will not be revised.

1SR Redundant components designed to provide safety or protection capability against a potentially hazardous condition or event, all of which if failed could cause the system to fail to detect, or operate when needed during the existence of a hazardous condition that could lead to loss of flight or ground personnel or Station; or redundant components within a safety or hazard monitoring system, all of which if failed could cause the system to fail to detect, or operate when needed during the existence of a hazardous condition that could lead to loss of flight or ground personnel or Station.

2 Single failure point that could result in loss of critical mission support capability, as defined below.

2R Redundant items, all of which if failed, could result in loss of critical mission support capability.

2N Single failure point that could lead to loss of function resulting in worst case effects not assessed as or deemed typical of Criticality 1 or 2, and more significant than Criticality 3. Also, a single failure point that could result in loss of a primary maintenance support system. These systems support/perform maintenance tasks for multiple ORUs whereas failure of the redundant ORUs could result in loss of critical Station functionality. Criticality 2N items are not categorized as critical items.

2NR Redundant items that could lead to loss of function resulting in worst case effects not assessed as or deemed typical of Criticality 1 or 2, and more significant than the Criticality 3. Also, redundant items that could result in loss of a primary maintenance support system. These systems support/perform maintenance tasks for multiple ORUs whereas failure of the redundant ORUs could result in loss of critical Station functionality. Criticality 2NR items are not categorized as critical items.

3 All others.


Fail Operational Matrix developed for supervisory & local definitions of failure scenarios and controlled reaction scenarios


| IF | FT | FC | CR | Then |
|---|---|---|---|---|
| 1. Control Freezes - multiple corners (2+) | 2,3,4 | 1 | 1 | Controlled Stop |
| 2. Control Lost - multiple corners (2+) | 1,2,3,4 | 1 | 1 | Controlled Stop |
| 3. Angle Sensors Failure - single corner | 2 | 2 | 1R | Controlled Stop |
| 4. Motor(x2) Failure - single corner | 2 | 2 | 1R | Controlled Stop |
| 5. Erratic operation - single corner | 2,3,4 | 1 | 1R | Controlled Stop |


Acceleration 


| IF | FT | FC | CR | Then |
|---|---|---|---|---|
| 1. Control is lost (Runaway) | 2,3,4 | 1 | 1 | Controlled Stop |
| 2. Control Lost (Fixed State) | 3,4 | 1 | 1 | Controlled Stop |
| 3. Control Lost (No Response) | 1,2,3,4 | 1 | 1 | Controlled Stop |
| 4. Control Lost (Erratic) | 2,3,4 | 1 | 1 | Controlled Stop |


| IF | FT | FC | CR | Then |
|---|---|---|---|---|
| 1. Traction goes offline - multiple corners (3+; No Response) | 1,2,3,4 | 2 | 2R | Controlled Stop |
| 2. Read Head Failure (Signal Lost) | 2 | 3 | 2R | Use Remaining Propulsion |
| 3. Erratic operation (Response does not correlate with command) | 3,4 | 1 | 1 | Controlled Stop |
| 4. System Overheats | 2 | 2 | 2 | Controlled Stop |
| 5. Traction goes offline - single corner (No Response) | 1,2,3,4 | 3 | 2R | Use Remaining Propulsion |


| IF | FT | FC | CR | Then |
|---|---|---|---|---|
| 1. Control is lost - multiple corners (No Response) | 2,3,4 | 1 | 1 | Controlled Stop |
| 2. Control Freezes - single corner (Brakes Locked) | 2,3,4 | 1 | 1 | Controlled Stop |
| 3. Motor Fails - single corner (No Response) | 1,2 | 3 | 1R | Use remaining brakes |


Electrical (HV) System 

| IF | FT | FC | CR | Then | Indicator |
|---|---|---|---|---|---|
| 1. Battery Failure | | | | | |
| 2. Battery Maintenance System Failure | | | | | |
| 3. Power Distribution Failure | | | | | |


Power Electronics 



• Existing Power Classes

- 600V (12kV IPM)

• 75A (MRV)

• 225A (CG2)

• Rugged IGBT switch technology

• Multi-loop embedded model-based control

- Current, Velocity, Position

• Modular design enables rapid re-use


MRV Power Electronics Packaging


• Motor controller cold-plate integrated with structure

• Capacitor bank with bus bar connections


Next generation housing design incorporates new thermal design and process. Placement of motor controllers has taken advantage of cooling design efficiencies.



MRV Active Thermal Management 



Pre-cooling strategy

High max pressure on radiator

Lower initial temperature will increase heat removed


Est. Peak System Total: 5245\A 
Est. Steady System Total: 138C 





MRV Electrical Power System (EPS) 



Loads 


External Battery 













MRV Electrical Power System 


• Low Voltage PDU

- PCM Board

• Redundant DC-DC conversion from 300V to 24V

• Fault Detection

- PCS Board

• Redundant MCUs

• Redundant Low Voltage Power Switching

• Current Sensing

• Comm via CAN Bus, RS232, I2C


• High Voltage PDU

- HVS Board

• Redundant High Power Switching

• Redundant MCUs

• Fault Detection

• Pre-charge control

• HV Current Sensing

• Comm via CAN Bus, RS232, I2C


MRV Redundant Low Voltage PDU 










MRV Energy Storage 

• MRV Battery Capacity - 18 kW hrs 

• Cell Architecture - derived from Chariot 1 

• Large format cells 

• 292 V nominal, 60 amp hr Lithium ion battery 

• Single series string of cells 

• 80 cells in series 

• Cells purchased from Gaia 

• MRV used COTS Battery Management System 

• Manufactured by I+ME

• Procured through a distributor, Lithium Technologies Corporation, Fairfax, VA


MRV Energy Storage 


• Form factor/architecture - modules of 10 cells, easy to carry a module. BMS mounted in MRV, interfaced to each module

• Bus voltage - 292V, varies at the motor

• Thermal control - No thermal control for battery, minimal airflow

• Low capacity backup systems - Original plan in frame was to carry 3 batteries, this would give two fault tolerance. Large batteries ended up winning the day

• Charging

• Interfaces - High voltage power supplies, constant current, constant voltage

• Charge rates - nominal 0.2C or 11 amp; maximum 1.0C or 55 amps; to extend life, we've been doing < 5 amp

• Non-mobility loads (HVAC, etc.) - computers, pumps



MRV Energy Storage 


• 50 amps per wheel, peak up to 60 kW propulsive power

• Static power draw 1.5 kW

• Not optimized for minimum power draw


MRV


PLSS 


Battery Design Experience 


Resource Prospector Rover Valkyrie 


Centaur 2 


Space Exploration Vehicle 


Robonaut 2 



Battery Management
Design Strategy


Battery Sizing


Thermal Design
And
Analysis


Cell Screening
And
Assembly












Boston Power Lithium ion cells

[Figure: Boston Power Swing 5300 cell, vent side, made in Taiwan; dimensions marked 37.3, 64.8 mm and 19.0 mm]

Certifications

UN 38.3, UL 1642, IEC 62133, RoHS 2002/95/EC
In Process: Nordic Ecolabel

[Figure: Cycle Life at 100% Depth of Discharge (DOD)]

Specifications

| Parameter | Value |
|---|---|
| Nominal capacity (1) | 5300 mAh |
| Nominal energy (1) | 19.3 Wh |
| Nominal voltage | 3.65 V |
| Energy density, gravimetric | 207 Wh/kg |
| Energy density, volumetric | 490 Wh/L |
| Nominal cell impedance | 15.5 mΩ |
| Cycle life (1C discharge at 23 °C), 100% DOD | >1000 cycles |
| Cycle life (1C discharge at 23 °C), 90% DOD | >2000 cycles |
| Cycle life (1C discharge at 23 °C), 80% DOD | >3000 cycles |
| Max continuous discharge rate (0-100% SOC) | 13 A |
| Allowable 10s pulse capability (2) | 1000 W/kg |
| Standard charging method, constant current (CC) | 3.7A (0.7C) to 4.2V |
| Standard charging method, constant voltage (CV) | 4.2V to 50 mA |
| Max charge rate (continuous) | 10.6 A |
| Nominal cell weight | 93.5 g |
| Operating temperature, charge | -20 to +60 °C |
| Operating temperature, discharge | -40 to +70 °C |
| Storage temperature | -40 to +60 °C |

5300 mAh

207 Wh/kg

>1000 Cycles to 100% Depth of Discharge

(1) Standard discharge 0.2C to 2.75 V
to 100% SOC


http://www.boston-power.com/sites/default/files/documents/940-0013-001_Swing_5300_DS_Rev_001_0.pdf


Boston Power Swing 5300 Features

° Small elliptical cell format 37.3mm
° Nordic and Chinese Ecolabel certification
° Aluminum Can

• High heat transfer rate vs cells using steel cans

• Inherently lower venting pressure

• Eliminates corrosion issues associated with Fe-containing cans

[Figure: Boston Power Swing 5300 cell, vent side, made in Taiwan; 64.8mm dimension marked]


Swing Safety Components

Devices

3 layered separator

Current Interruption Device

Directed; redundancy

Less catastrophic

Mechanism

■ Pores shut down at high temperature

■ Pressure fuse

■ Non-resettable

■ Protect from pressure buildup

■ Vent direction controllable
■ 2 vents for redundancy

■ Aluminum vs. steel for 18650

Protects Against

■ Overcharge
■ Over temperature

■ Internal shorts with temperature increase <150 °C

■ Overcharge
■ Over temperature

■ Explosion
■ Cascading (cell-to-cell runaway initiation)

■ Explosion



19mm 




Backpack Baseplate Shell


Backpack Power Fuse
Backpack Power Relay


Battery Insulation
Access Panel


R2 Battery
Backpack Cooling Fan


Robonaut Battery 5/5/2014


Backpack Charger Board


R2 Batpack


Aluminum Cartridge Support Rods
Series Flex Circuit


Cartridge
Support Cover Plate


BMS Slave Card
Cartridge

Slave Card Bracket
Terminals
Cartridge

Alignment Plate


Battery Access
Panel Frame


Battery Support Rods



Cell Configuration: 300 cells in full pack 


• 5 Series connected cartridges 
• 5 Virtual cells in series per cartridge 
• 12 parallel cells per virtual cell 


Energy: 5790 Wh 


• Total Pack Assembly Weight = 37.421 kg 

• Effective Energy Density = 154.724 Wh/kg 


Operating Voltage: 105V - 65V 


• Nominal pack voltage: 92.4V 


Max Continuous Discharge: 156 A 





5 Virtual cells in series 


Full Battery Pack (5s Cartridges) 


Virtual Cell (12p)







Valkyrie 


Cell Configuration: 96 cells in full pack 


• 2 independent batteries for two power busses in one package
• Four 24 cell cartridges

• Low voltage pack is one cartridge

• 8 cell virtual cell

• 3 series connected virtual cells

• High voltage pack is 3 series connected cartridges

• 2 cell virtual cell

• 36 series connected virtual cells


Energy: 1860 Wh


• Runtime: ~1 hour
• Energy Density Wh/kg


Operating Voltage


• Low Voltage pack (42 Ah)
• Nominal 10.95V
• Ranges from 9V to 12.6V
• High Voltage pack (10.6 Ah)
• Nominal 131.4V
• Ranges from 108 to 151V


Max Continuous Discharge (HV): 30 A 
Max Continuous Discharge (LV): 60 A 







Resource Prospector (RP) 


• RP 





Battery

Utilize Boston Power Swing 5300 cells

12P24S layout consisting of quantity four 12P6S cartridges in series
288 Cells

Voltage

• Max: 100.8 V

• Nominal: 87.6 V

• Min: 72 V

Current

29-75

• Max: 156 A

• 0.1C: 6.4 A

Power

• Max: 13665 W

• 1C: 5606 W

• 0.1C: 560 W

Thermal Range (Cells)

• Charge: -20 to 60C

• Discharge: -40 to 70C

• Storage: -40 to 60C

• Significant loss in capacity below 0C

• Capacity increases at higher temperatures

Energy: 5571 Wh (100% DOD)

Estimated Weight: 32 kg (70 lb)

Estimated Gravimetric Energy Density: 174 Wh/kg


Battery Safety


Catastrophic Hazards

• Conditions that lead to catastrophic failure (thermal runaway)

° Overvoltage

° Charging over-discharged cells

° Overcurrent

° External heating (system design)

° Internal Short




Safety Philosophy 

• Our safety philosophy is to control against all catastrophic causes with two fault redundancy in detection and mitigation

• Actions based upon fault detection are flexible by design and vary depending on the application


*Additionally, current testing and design efforts include working to prevent cell to cell propagation in the event of a single cell runaway


Safety Electronics 


High Level: Operational Limits 





Mid Level: Software/Firmware Limits 

• (Safety Critical Code adds cost and complexity) 







Low Level: Hardware Limits 

• (R2 hardware is 2 fault tolerant without software) 





Modular Battery Management System 


BMS Slave Board 


• Configurable to up to 12 series cells 

• Stackable up to 31 boards (372 series cells) 

• Over/Under Voltage Hardware Comparators 

• Over/Under Temp Hardware Comparators 

• Voltage and Temperature Monitoring 

• All hardware safeties trip an interlock signal which can be used by the 
master as a hardware inhibit 


BMS Master Board 


• Communicates with slave boards via I2C interface

• Independent stack level Over/Under voltage monitoring 

• Over Current Monitoring 

• Disengages battery from system during any safety event 




Battery Management System Telemetry 


• Each Virtual Cell Voltage 

• Min/Max/Avg Cell Voltage 

• 12x Temps/Cartridge

• Stack Voltage 

• Current 

• Error/Warning Flags 

• Error/Warning Counters 

• Cell Balancing Status 

• BMS state machine state 


• Firmware Version 

• Hardware Version 

• Discrete input states 

• Discrete output states 

• ADC Sample Counters 

• Local Power Supply Voltages 

• Charger Control Parameters 
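
The slave and master board checks listed above, run over one telemetry sample, as an added example in C (not NASA or Robonaut firmware). Cell limits come from the Swing 5300 specifications and the R2 pack figures on this page; the fault names, the `bms_sample` layout, the 1.0 V sensor-agreement tolerance and the NaN marker for a failed reading are assumptions.

```c
/* Added example, not NASA code. Limits are from this page; assumptions are marked. */
#include <math.h>
#include <stdint.h>

#define SERIES_CELLS 25     /* R2: 5 cartridges x 5 virtual cells in series */
#define TEMP_SENSORS 60     /* 12 temperatures per cartridge, 5 cartridges */
#define CELL_OV_V    4.20   /* Swing 5300 charge voltage */
#define CELL_UV_V    2.75   /* Swing 5300 discharge end voltage, used as trip (assumed) */
#define STACK_MAX_V  105.0  /* R2 operating voltage range */
#define STACK_MIN_V  65.0
#define MAX_DISCH_A  156.0  /* R2 max continuous discharge */
#define MAX_CHARGE_A 127.2  /* derived: 12 parallel cells x 10.6 A max charge rate */
#define SUM_TOL_V    1.0    /* assumed tolerance between cell sum and stack sensor */
#define ADC_INVALID  NAN    /* assumed marker a driver reports for a failed reading */

enum { F_CELL_OV = 1, F_CELL_UV = 2, F_OVER_TEMP = 4, F_UNDER_TEMP = 8, F_STACK_V = 16,
       F_SENSOR_MISMATCH = 32, F_OVER_CURRENT = 64, F_HW_INTERLOCK = 128 };

typedef struct {
    double cell_v[SERIES_CELLS];  /* each virtual cell voltage */
    double temp_c[TEMP_SENSORS];
    double stack_v;               /* independent stack-level measurement */
    double current_a;             /* > 0 discharge, < 0 charge */
    int    hw_interlock;          /* nonzero when a slave comparator has tripped */
} bms_sample;

/* Every test has the form !(x <= limit), so a NaN reading trips the fault. */
uint32_t bms_evaluate(const bms_sample *s)
{
    uint32_t f = s->hw_interlock ? F_HW_INTERLOCK : 0;
    int charging = s->current_a < 0.0;          /* charge window is narrower */
    double t_lo = charging ? -20.0 : -40.0, t_hi = charging ? 60.0 : 70.0;
    double sum = 0.0, diff;
    for (int i = 0; i < SERIES_CELLS; i++) {
        if (!(s->cell_v[i] <= CELL_OV_V)) f |= F_CELL_OV;
        if (!(s->cell_v[i] >= CELL_UV_V)) f |= F_CELL_UV;
        sum += s->cell_v[i];
    }
    for (int i = 0; i < TEMP_SENSORS; i++) {
        if (!(s->temp_c[i] <= t_hi)) f |= F_OVER_TEMP;
        if (!(s->temp_c[i] >= t_lo)) f |= F_UNDER_TEMP;
    }
    if (!(s->stack_v <= STACK_MAX_V && s->stack_v >= STACK_MIN_V)) f |= F_STACK_V;
    diff = sum - s->stack_v;     /* cross-check the two voltage paths */
    if (!(diff <= SUM_TOL_V && diff >= -SUM_TOL_V)) f |= F_SENSOR_MISMATCH;
    if (!(s->current_a <= MAX_DISCH_A && s->current_a >= -MAX_CHARGE_A)) f |= F_OVER_CURRENT;
    return f;
}

/* The battery stays connected only while no fault bit is set. */
int contactor_allowed(uint32_t faults) { return faults == 0; }
/* Constructed sample: every cell at 3.65 V, 25 C, 50 A discharge. */
bms_sample nominal_sample(void)
{
    bms_sample s = { .current_a = 50.0 };
    for (int i = 0; i < SERIES_CELLS; i++) { s.cell_v[i] = 3.65; s.stack_v += 3.65; }
    for (int i = 0; i < TEMP_SENSORS; i++) s.temp_c[i] = 25.0;
    return s;
}
```

A single failed cell reading (`ADC_INVALID`) sets the over-voltage, under-voltage and sensor-mismatch bits together, so an unreadable cell is never treated as a healthy one.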



Thermal Runaway Propagation 


• Investigating materials for unique thermal properties 

• Testing at the cell and pack level for propagation tolerance 

• Coordinating with parallel NASA Engineering Safety Council and Space Suit Battery team work

• Developing thermal abuse models to aid with design of mitigation features



MRV Battery Power Estimation 


• Estimated Vehicle Power Requirements based on NYCC Drive Cycle

• Assumptions:

• 4 e-Corners

• Vehicle mass: 862 kg

• Hotel power load: ~1500W

• Acceleration: 0.3g

• Deceleration: 0.3g (-1.0g emergency)

• CD: 1.0


[Figure: Power Profile with CD of 1.0 - Required Drive Power vs Vehicle Speed]

[Figure: Power Profile with CD of 0.3 - Required Drive Power vs Vehicle Speed; x-axis: Vehicle Speed [mph]]


Hybrid Battery/Capacitor bank options

• NASA has investigated this approach for previous mobility system projects

• Looked at different converters, approaches for connecting the capacitor to the batteries

• Initial architecture explored was large battery and large capacitor bank

• This approach was influenced by size of Chariot rover design concept

• NASA bought a custom built bi-directional DC-DC converter device from US Hybrid for evaluation

• Initial evaluation was to send current back and forth between two batteries

• Goal was to charge one electric vehicle with another vehicle

• Other hybrid battery architectures explored involve pairing up a battery and a capacitor.



MRV Energy Transfer between Batteries


• Implemented bi-directional DC-DC Converter 

• Directly applicable to Hybrid power systems 

• Demonstrated power transfer in both directions 

• HV battery balancing 

• "Empty" one battery into the other in contingency 

• Arbitrary voltage and current setpoints (0-600V) 






Power Management 


• Low voltage "flavors" - many voltages used in MRV

• 24V - motor controller logic voltage, power thermal system, computers

• 12V - common for automotive systems

• Familiar with down conversion to lower voltages for many systems

• Dual redundant power systems in MRV 



Power Electronics Modules 


• Good success with COTS power modules 

• R2 uses MS Kennedy, high reliability power electronics for military and aerospace. PowerEX also used, US manufacturer of power modules, relationship with Mitsubishi. R2 uses PowerEX in legs

• Sizing - expanding the top end range of power through the motor drives. Valkyrie fingers is smallest. Chariot 2 wheel module is largest power use, as implemented can accept 600V, deliver 225 amps

• De-rating - numbers above are derated 50%. Vendors recommend establishing limits through testing. Motorcycle dyno testing used for MRV.

• Supercar calls for lots of power, derating through modeling. Look to vendors for the models, we plug in our usage.

• For MRV and Chariot Gen 2, Mitsubishi has a model that shows loss value. Testing was very successful in establishing derating levels

• Commonality across subsystems - applied where feasible 



Regenerative Braking 


• NASA first implemented this with Chariot 

• NASA implementation for MRV is a blending of mechanical and regenerative braking

• NASA sought a motor which is both a good motor and a good generator

• Design requirements of accelerating at 0.3 g, decelerating at 1 g were set for MRV. Acceleration requirement was accomplished in design, design for deceleration achieved 0.5g

• Regen power goes directly into MRV battery

• For battery/supercap architecture, trade study needed to determine what regen power goes to battery vs supercap



Regenerative Braking 


• Shunting when fully charged - needed for systems with no large energy reservoir

• Robonaut 2 needed shunting

• Chariot has shunt regulator

• Our approach is to manage this operationally (don't charge it up all the way)



[Figure: MRV Regeneration and Mechanical Braking Contributions; y-axis: Percent Braking Torque; legend: Regen, Mech]



